U.S. Markets closed

Major websites offline and Facebook and Google accused of breaching new GDPR rules as deadline chaos strikes

Margi Murphy
The LA Times has taken its website offline for UK and European audiences due to GDPR

A number of news websites have been taken offline for British and European audience under new data law that came into force on Friday, amid accusations that Facebook and Google have already breached the regulations

The LA Times, The New York Daily News, Chicago Times, Chicago Tribune, Orlando Sentinel and Baltimore Sun are all blocked from those trying to access the news in European countries. 

"Unfortunately, our website is currently unavailable in most European countries," a notice on each of the websites read. 

"We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market.

"We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism."

Global news site NPR is offering people in European a "plain text" version of its website

Global new website NPR has stripped advertising for European audiences
USA Today welcomes viewers to "European Union experience" without any adverts

The blackout hints at worse to come, as consumers may face becoming locked out of services provided by overseas companies that are not yet compliant with the General Data Protection Regulation.

Twitter and Instagram is deactivating the accounts of users who have not signed up to their latest terms and conditions by the GDPR deadline and Facebook and Google have already had complaints lodged against them over claims that they are breaching the law by "forcing" users to consent to their privacy policies by offering them no other option.  

To further add to the chaos, some customers have complained that various internet-connected smart home products have stopped working.

People in Europe who use internet-connected lightbulbs from Chinese technology company Yeelight found themselves unable to turn their lights on or off from their smartphones. Google-owned Nest, which sells internet-connected thermostats and security cameras, asked customers in Europe to agree to its updated privacy policy before they could adjust the temperature on their thermostats remotely. 

Those who fall foul of the law face fines of up to €20m or 4pc of global turnover - whichever is highest. Europeans may start to see websites and services failing to function properly as overseas companies try to dodge liability. 

Most of the media blackout appears to be down to widespread confusion over what the GDPR forbids. The British trade body for solicitors, the Law Society, suffered emarrassment when it was pointed out that it had been incorrectly advising members seek consent from people it held records on, and delete records if it was unable to do so. 

"Start amending or deleting the records of individuals who have either denied consent or have not responded by the deadline you have given," it recommended. It has since removed the advice from its website

Why am I getting GDPR emails?

Friday's deadline is why many consumers have been receiving countless emails with the heading “your data, your decision”, “don’t miss out” or “updates to our privacy policy”.

GDPR | Read more

Most of these are completely unnecessary. The new law ensures that companies only store data that is “necessary” to function or offer its service, but it does not state that companies must delete accounts from consumers how have not re-opted in for marketing emails.

Despite this, apps including games, organisational tools, blockchain and graphics services used by thousands of people are throwing in the towel over concerns they may be fined if found to be in breach of the General Data Protection Regulation (GDPR).

Instapaper, a popular app that saves web pages to be read later on a smartphone or Kindle, warned European residents the service will be suspended until it is compliant.

“We apologise for any inconvenience and we intend to restore access as soon as possible,” an email to account holders read.

Companies block Europeans rather than comply with data law | Will the GDPR fallout continue?

Some businesses have resorted to deleting all the accounts of European users, blocking their services, including subscription management service Unroll.me. The US-based app helps get rid of spam and unsubscribes users from annoying marketing emails - an issue GDPR is supposed to be alleviating. A notice to Unroll.me customers read: “Trust us, we don’t want to delete your account either, but it’s the law”.

Piktochart, a graphics design tool is deleting European accounts. Other victims include a number of independent video games makers like Loadout, Super Monday Night Combat and Ragnarok Online.

What is GDPR compliance and will it affect you?

Under GDPR, businesses must be able to prove that the data they collect is relevant and for a specific purpose. It must also be accurate, secure and up to date.

Consumers will also now have the right to get clearer information about the data they are giving up and the right for that data to be forgotten, so privacy policies need to be written in plain English, not legal-speak. Additionally, you will be able to see what data has been processed and you will need to give active consent for your data to be taken.

Technology intelligence - newsletter promo - EOA

If your data is breached, companies must quickly inform users within a 72 hour deadline or face a €10m (£8.75m), or 2pc of their turnover, and those found not to have followed the rules around processing data could face fines of €20m, or 4pc of turnover.

These are far greater than fines currently meted out than under previous rules. TalkTalk was fined £400,000 by the Information Commissioner’s Office in 2016, a record, but this could have been up to €59m under the new rules. That said, the ICO is supposed to enact “proportionate” fines, so they may not be so steep.